Usamos cookies para medir audiência e melhorar sua experiência. Você pode aceitar ou recusar a qualquer momento. Veja sobre o iMasters.
Alguém poderia olhar o log abaixo, por favor?
Obrigada.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:02:52, on 1/22/aaaa
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\hidserv.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
C:\WINNT\Explorer.EXE
C:\Arquivos de programas\Alwil Software\Avast4\setup\avast.setup
C:\WINNT\system32\VTTimer.exe
C:\WINNT\system32\VTtrayp.exe
C:\Arquivos de programas\VIAudioi\SBADeck\ADeck.exe
C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
C:\Arquivos de programas\Java\jre6\bin\jusched.exe
C:\WINNT\system32\internat.exe
C:\Arquivos de programas\SEC\Natural Color\NaturalColorLoad.exe
C:\HijackThis\HijackThis.exe
C:\WINNT\system32\wuauclt.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ufrgs.br/ufrgs/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = &http://home.microsoft.com/intl/br/access/allinone.asp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 143.54.1.101:3128
O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre6\bin\ssv.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [AudioDeck] C:\Arquivos de programas\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKUS\.DEFAULT\..\Run: [internat.exe] internat.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Arquivos de programas\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Global Startup: NaturalColorLoad.lnk = C:\Arquivos de programas\SEC\Natural Color\NaturalColorLoad.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINNT\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINNT\bdoscandel.exe
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {001EE746-A1F9-460E-80AD-269E088D6A01} (Infotl Control) - http://site.ebrary.com/lib/elivro/support/...s/ebraryRdr.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1205850891765
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/AutoDL?BundleId=26688
O17 - HKLM\System\CCS\Services\Tcpip\..\{353048D0-F361-4C3C-8C30-1EAE1BD65368}: NameServer = 143.54.1.52,143.54.1.53
O17 - HKLM\System\CS1\Services\Tcpip\..\{353048D0-F361-4C3C-8C30-1EAE1BD65368}: NameServer = 143.54.1.52,143.54.1.53
O17 - HKLM\System\CS2\Services\Tcpip\..\{353048D0-F361-4C3C-8C30-1EAE1BD65368}: NameServer = 143.54.1.52,143.54.1.53
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Serviço administrativo do gerenciador de disco lógico (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
--
End of file - 6230 bytes
Oi, o antivirus do mciro detectou cinco trojans.
Por isso pedi para alguém dar uma olhada no log do hijack.
Obrigada.
Boa Tarde! Annluciap
<@> Faça o download do a-squared Free 4.0.
<@> Abra o programa e clique em: Atualizar agora --> Aguarde!
<@> Terminando,clique em: "Scan PC"
<@> Escolha a opção: "A fundo" --> Clique,à seguir,em "Analisar".
<@> Terminando,marque as caixinhas dos ítens encontrados e clique em "Enviar marcados à Quarentena".
<@> Salve o relatório desta verificação,e poste-o na sua resposta.
Abraços!
Olá,
segue relatório.
Obrigada.
a-squared Free - Versão 4.0
Última atualização 1/28/quarta-feira 11:22:49
Configurações da análise:
Objetos: Memória, Rastros, Cookies, C:\
Análise de arquivos: Ligado
Heurística: Ligado
Análise de ADS: Ligado
Início da análise: 1/28/quarta-feira 11:35:23
Key: HKEY_USERS\S-1-5-21-1202660629-1078081533-725345543-500\software\kazaa detectado: Trace.Registry.KaZaA!A2
C:\Documents and Settings\Administrador\Cookies\administrador@adserver.dialhost.com[2].txt detectado: Trace.TrackingCookie.adserv!A2
C:\Documents and Settings\Administrador\Cookies\administrador@adserver.dialhost.com[2].txt detectado: Trace.TrackingCookie.adserver!A2
C:\Documents and Settings\Administrador\Cookies\administrador@doubleclick[1].txt detectado: Trace.TrackingCookie.doubleclick!A2
C:\Documents and Settings\Administrador\Cookies\administrador@ig.com[2].txt detectado: Trace.TrackingCookie.ig.com!A2
Analisado
Arquivos: 27379
Objetos: 402907
Cookies: 21
Processos: 30
Encontrado
Arquivos: 0
Objetos: 1
Cookies: 4
Processos: 0
Chaves do registro: 0
Fim da análise: 1/28/quarta-feira 12:07:00
Duração da análise: 0:31:37
C:\Documents and Settings\Administrador\Cookies\administrador@ig.com[2].txt Em quarentena Trace.TrackingCookie.ig.com!A2
C:\Documents and Settings\Administrador\Cookies\administrador@doubleclick[1].txt Em quarentena Trace.TrackingCookie.doubleclick!A2
C:\Documents and Settings\Administrador\Cookies\administrador@adserver.dialhost.com[2].txt Em quarentena Trace.TrackingCookie.adserver!A2
C:\Documents and Settings\Administrador\Cookies\administrador@adserver.dialhost.com[2].txt Em quarentena Trace.TrackingCookie.adserv!A2
Key: HKEY_USERS\S-1-5-21-1202660629-1078081533-725345543-500\software\kazaa Em quarentena Trace.Registry.KaZaA!A2
Em quarentena
Arquivos: 0
Objetos: 1
Cookies: 4
Boa Tarde! Annluciap
<!> Abra o HijackThis --> Clique: Do a system scan only
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
<!> Marque,àcima,estas entradas! --> Clique em Fix checked. --> Sim!
------------------------------
<@> Faça um scan online em: < Kaspersky >
<@> Utilize para isso,o navegador Internet Explorer.
<!> Acesse o site,e clique em: < /applications/core/interface/imageproxy/imageproxy.php?img=http://img265.imageshack.us/img265/9241/kasperdx9.jpg&key=5da30928d6a3dc04edefe3b030dc936ff47d64c2422bfdf6f0d4c186b977d57c" alt="kasperdx9.jpg" /> >
<@> Na próxima página,clique em: I Accept
<@> Isto,para que se instale o controle ActiveX e,em seguida,atualize o banco de dados.
<@> Na próxima página,clique em: My Computer e faça o scan.
<@> Tenha paciência!
<@> Aguarde a atualização da base de dados,e também do exame,que é demorado.
<@> Terminando,salve e poste o relatório.
<@> Clique em Save Report As... para salvar o log. ( Kaspersky_Online_Scanner_7_Report.txt )
<@> Salve o resultado como .txt,segundo a imagem abaixo:
/applications/core/interface/imageproxy/imageproxy.php?img=http://img.photobucket.com/albums/v666/sUBs/Kas-Savetxt.gif&key=12df84cc9364ed13311153b7405127e0f208cd4a0679232596972a39ca5dfe36" alt="Kas-Savetxt.gif" />
<@> Poste,também,HijackThis atualizado.
Abraços!
Oi seguem os logs.
Obrigada.
KASPERSKY ONLINE SCANNER 7 REPORT
Friday, January 30, 2009
Operating System: Microsoft Windows 2000 Professional Service Pack 4 (build 2195)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Friday, January 30, 2009 13:03:07
Records in database: 1728252
Scan settings
Scan using the following database extended
Scan archives yes
Scan mail databases yes
Scan area My Computer
A:\
C:\
D:\
Scan statistics
Files scanned 19727
Threat name 0
Infected objects 0
Suspicious objects 0
Duration of the scan 00:46:55
No malware has been detected. The scan area is clean.
The selected area was scanned.
***************************
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:49:59, on 1/30/aaaa
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Arquivos de programas\a-squared Free\a2service.exe
C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\hidserv.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINNT\system32\regsvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\VTTimer.exe
C:\WINNT\system32\VTtrayp.exe
C:\Arquivos de programas\VIAudioi\SBADeck\ADeck.exe
C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
C:\Arquivos de programas\Java\jre6\bin\jusched.exe
C:\WINNT\system32\internat.exe
C:\Arquivos de programas\SEC\Natural Color\NaturalColorLoad.exe
C:\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ufrgs.br/ufrgs/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 143.54.1.101:3128
O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre6\bin\ssv.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [AudioDeck] C:\Arquivos de programas\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKUS\.DEFAULT\..\Run: [internat.exe] internat.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Arquivos de programas\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Global Startup: NaturalColorLoad.lnk = C:\Arquivos de programas\SEC\Natural Color\NaturalColorLoad.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINNT\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINNT\bdoscandel.exe
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {001EE746-A1F9-460E-80AD-269E088D6A01} (Infotl Control) - http://site.ebrary.com/lib/elivro/support/...s/ebraryRdr.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1205850891765
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/AutoDL?BundleId=26688
O17 - HKLM\System\CCS\Services\Tcpip\..\{353048D0-F361-4C3C-8C30-1EAE1BD65368}: NameServer = 143.54.1.52,143.54.1.53
O17 - HKLM\System\CS1\Services\Tcpip\..\{353048D0-F361-4C3C-8C30-1EAE1BD65368}: NameServer = 143.54.1.52,143.54.1.53
O17 - HKLM\System\CS2\Services\Tcpip\..\{353048D0-F361-4C3C-8C30-1EAE1BD65368}: NameServer = 143.54.1.52,143.54.1.53
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Arquivos de programas\a-squared Free\a2service.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Serviço administrativo do gerenciador de disco lógico (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
--
End of file - 5518 bytes
Boa Tarde! Annluciap
<!> Estando tudo Ok,crie um ponto limpo de Restauração do Sistema.
<!> Clique com o direito do mouse,em cima de Meu Computador --> Propriedades --> Restauração do Sistema.
<!> Marque: Desativar Restauração do Sistema --> Aplicar --> Ok.
<!> Depois,desmarque novamente! --> Aplicar --> Ok.
<!> Para maiores detalhes,vá em: < Docs >
-----------------------------
<!> O log está limpo! :thumbsup:
Abraços!
Obrigada pela ajuda.
PROBLEMA RESOLVIDO!
Caso o autor necessite que o tópico seja reaberto basta enviar uma Mensagem Privada para um Moderador com um link para o tópico.
Boa Tarde! Annluciap
<!> O que ocorre com o PC? :mellow:
Abraços!